Best practices for securely creating master RSA key

Robert J. Hansen rjh at sixdemonbag.org
Mon May 12 19:21:04 CEST 2014


> And maybe some (or all) of it should go in the FAQ, but i'll let Robert
> (who maintains the FAQ, iirc) weigh in on that.

I feel as if I should apologize in advance here, because this is going  
to be a little bit ranty -- Daniel is making a good point, though, and  
any incoherent fist-shaking at the universe that I may do is  
definitely not directed at him.

The GnuPG community is prone to bikeshedding on a truly mind-blowing  
scale.  It often seems to me that although there's general consensus  
on 90% of a subject, nobody can quite agree on what that 90% is.  If I  
present a ten-step process as being a good practice, I can rely on the  
vast majority of opinions being "this seems pretty good on these nine  
points, but this tenth one absolutely has to go because it's wrong  
wrong wrong" -- and no agreement whatsoever on which nine points are  
good and which tenth one must go.

Further, there is an unfortunate subset of the community that believes  
it has a monopoly on truth and that any disagreement is Jeopardizing The  
Security Of The Entire Internet -- I capitalize that phrase because  
their emails to me often have that sense to them, as if every word was  
being emphasized just to make sure that I "got it".

For that reason I'm generally not all that fond of weighing in on  
certain subjects, because they are so phenomenally divisive and  
generate so much more heat than light.  (Case in point: PGP/MIME,  
which resulted in *so* much flamefesting in my inbox that rather than  
give a single answer on the subject I threw up my hands, said "to hell  
with it," and the FAQ entry basically says "whatever you think, half  
the community will say you're wrong.")

Anyway: yes, this probably does warrant a FAQ entry, and I'll do my  
best to make changes and send Werner a revised version.  Look for it  
by the end of the week.  It may take a bit longer, depending on how  
quickly Amazon is able to ship me a new pair of asbestos longjohns...
